This means war ... or does it?

Mar. 12, 2014

Written by

KEVIN G. COLEMAN

Kevin Coleman is a senior fellow at SilverRhino and former chief strategist at Netscape. (File) ()

More

ADVERTISEMENT

When does a cyber attack against one or more private businesses or a country rise to the level of an act of war?

It’s an old question, one which has recently come up again, Clearly these conversations are driven by reported acts of cyber aggression taking place in the Ukraine. Currently, cyber attacks are criminal acts. Some believe, in certain circumstances, they are serious enough to be a capital offense. For example, if the cyber attack was premeditated and resulted in the loss of life, then it should be considered a capital offense, according to some.

That being the case, what would constitute an act of cyber war? It should be noted that use of military assets to thwart ongoing acts of cyber aggression can take place without a declaration of cyber war. Politico ran an article asking if the White House could declare a cyber war. That question would be relevant for the leaders of any country.

Most would agree that treating acts of cyber aggression against companies and countries as crime is appropriate as is treating it as a capital offense if there is loss of life. What is not agreed upon is at what point (if ever) does it move to an act of war? Calls for caution have been made for fear setting a red-line to define what constitutes an act of cyber war may result in cyber attackers launching attacks that go right up to that line, but not crossing it. This is a very complex and complicated question.

With the number of different scenarios that are appropriate in this context as well as the continued evolution of cyber attack techniques and cyber weapons, many believe that it must be determined on a case by case basis.

At the pace that this topic is moving forward, it is probably likely the first declaration of an act of cyber war will occur before there is agreement on the red-line. Of course there is the second biggest question – can the level of confidence in identifying who launched the attack and who was behind it reach the level of certainty where retaliatory action is appropriate?

More In C4ISR & Networks

More from this channel

More Headlines

Slideshow Stories

There's no better way to know what's going on every day in areas like UAS and sensors, GEOINT, C2 and communications, cyber, mobility and defense IT, than to sign up
for our daily C4ISRNET newsletters. The news will come right to your inbox, along with commentary and insight from our lineup of senior-level bloggers.